services / Google Cloud / Firebase security rules publishing

Manage security rules releases, which define which security rules are live and used by security rules-enabled services.


When combined with the ability to create arbitrary ruleset context, can allow data escalation. Used alone, an attacker could revert your environment to a known old, insecure ruleset.


Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.


  • https:​/​/​firebase.​google.​com/​docs/​rules
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog